Sent Items Logging

Discussion in 'privacy problems' started by snowman, Dec 22, 2002.

  1. JacK

    JacK Registered Member

    Joined: Jun 20, 2002
    Posts: 737
    Location: Belgium - Liège
    Hi Snowman,

    This one will always be recreated, it's part of the install, like when you install a FAX progy: after installing you get a welcome FAX message which was never sent. Rebuilding the *.dbx and this "mail" never received from outside comes back. Even computers without any connexion get this "mail".

    Windows must keep some info about your accounts in the registry otherwise you would not be able to send any mail.


    That's where an NT system is more secure: only users with rights on determined folders should access these data.

    Cheers,
     
  2. snowman

    snowman Guest

    Primrose

    very nice reply.....appreciated. In my case all deletes are actually wiped....never less than 7 times with DOD.......everyday the used space on C drive wiped...often several times each day....never less than one wipe....each weekend wiped with Gutmann.............before each wipe everything cleared..index dat etc..cache..
    certainly agree with you on the need for secure wipe.......an wipe your comments about the nature of software/computers..............


    JACK

    appreciate the info.......soon as I wake-up a little more I will change that Store Root.....
    being a person who never uses e mail I am in a position to play with the setting a bit......loss of sending e mail won't bother me............if needed will use a web mail.......mostly just curious to see what happens...........will not delete Identity.......just change the Store Root


    STATUS: at the moment no "old" info is being re-created other than that "welcome e mail" which as Jack points out is "normal"...........
    info only related to the C drive/os is created "new"....I believe this is only because of.....as Primrose pointed out... a secure "wipe" has been done..numerous times.......otherwise old info would appear.

    one thought to share..........it's been clearly shown throughout this topic that the "exploit" in question collects private information and stores it............as yet no clear solution has been found.............it's also been shown that if someone can access the computer...change the settings.......any information Not secure wiped can be recovered without the use of third party tools...(info in those folders)

    Here is a situation where a PERSONAL commitment to security comes into play.........a commitment to SECURELY WIPE in particular........several posters have already given great suggestions on that subject......an are more experts than I..........they are best to offer comments

    DESKTOP SECURITY: preventing access to the computer.
    This is a topic all to itself.....yet obviously some desktop security is needed..........an not some toy of a program that any K grader can bypass.....imo desktop security will be considered the first line of protection..........
    sadly although I have one desktop security....rarely do I use it...........well imo that oversight because of the aforementioned exploit must be corrected..in my case..
     
  3. snowman

    snowman Guest

    TYPO CORRECTION:


    >an wipe your comments about the nature of software/computers..............<


    SHOULD HAVE BEEN: "an WITH your comments about the nature of software/computers"


    PRIMROSE...sorry about that typo
     
  4. snowman

    snowman Guest

    * Have already stated that this issue is well above my knowledge......so I am randomly throwing out questions in hopes that the more experienced can offer their knowledge*



    Question: Would removing windows messenger from outlook express help in this matter ?
     
  5. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined: Apr 27, 2002
    Posts: 13,491
    Location: Netherlands
    I can answer that last one. No, removing Messenger will not make any difference in the logging in that folder. It might log some more, but I'm not sure about that.
    It's bad enough that I activated Outlook just to find out what you were all talking about. I refuse to use either Outlook or Messenger ;)

    Regards,

    Pieter
     
  6. snowman

    snowman Guest

    PIETER

    thank you much....I am much depending on persons like yourself who have extensive knowledge........I've devoted a lot of manhours on this issue but now my knowledge limit has been reached...........I'll continue to research...only must depend on persons of your knowledge....

    oddly this exploit is not a real issue with me due to my security habits...at least not now that I am aware of its existence......Pieter it's those millions out there who have no idea about security that I am trying to help.....
    By the way.....this topic is getting extremely long....to all mods and administration......if for any reason whatever you feel the thread is either too long or whatever...please advise an no further postings will be made by me.....absolutely no offense will be taken by me.....I want to be considerate of the forum.......my only desire........


    another quick question: Would disabling Save As Web Page Complete in IE help to prevent the logging of the websites posters have mentioned..?


    * as you can see the tweaks mentioned are of the registry type......an I sure don't need an os crash right now LOL.....thus the questions
     
  7. snowman

    snowman Guest

    Decided to make the call myself in respect to the Administration.........this thread has become enormous......so for the time being I will stop posting.

    will continue to research....if a solution is found it will then be posted. Just does not make much sense for me to keep building onto an already enormous thread....


    TO ALL PERSONS WHO REPLIED

    Truly your help has been greatly appreciated......there has been real teamwork here....an I feel a personal sense of pride to know such good, decent people like yourselves..devoted to security and others.....THANK YOU

    Snowman
     
  8. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined: Apr 27, 2002
    Posts: 13,491
    Location: Netherlands
    Hi snowman,

    If I can find the time somehow, I will try to setup my test computer and check some of the options offered by you.
    I already installed ME and a firewall. So all I really have to do is find a safe way to share the internet on this one :rolleyes:
    That should enable some testing.

    Don't worry about the length of the thread. The length is of no consequence as long as a workable solution comes up, which I hope very much.

    Regards,

    Pieter
     
  9. snowman

    snowman Guest

    PIETER

    That is most appreciated....truly I put my heart into this yet must admit to being "at wits end"..........but not defeated LOL

    Pieter...was just looking at: " last access stamp" which basically updates the time stamp each time a directory is accessed.......if that was disabled...(certainly would enhance performance) but would that "fool" the os into not updating the information being logged..an instead just log the "old" info over and over again?? this is not for all os's...would only work with NT, 2K and XP.....

    About the size of the thread....your kindness is appreciated.......an yet I do wish to be considerate......allow others to post their ideas etc......plus give experienced persons like yourself time to look into this issue......otherwise the thread would get so large it would spill over onto someone else's website...lol


    snowman
     
  10. JacK

    JacK Registered Member

    Joined: Jun 20, 2002
    Posts: 737
    Location: Belgium - Liège
    Hi Pieter ;)

    AFM, first thing I do when installing Windows is uninstalling Messenger :)

    OE6SP1 with the right configuration is as secure as any other Mail client. (read in plain txt).

    I didn't look for it but I am nearly sure that any other Mail client has exactly the same oddity about the store folder: it's not an OE problem but rather related to Windows OS IMHO.

    Cheers,
     
  11. snowman

    snowman Guest

    QUESTION:

    what about disabling "Write Behind Caching" (I think this can only be done on 95/98/ME) an let the data be written directly to the disk bypassing the cache.....?

    these are all workable Tweaks.....due to my doing so many reformats I just don't do the tweaks after each format..........

    ok..that was my last post for now....my eyes are dripping from the strain of reading the registry...time to relax.....an just read you guys...

    Great Day To All

    snowman
     
  12. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined: Apr 27, 2002
    Posts: 13,491
    Location: Netherlands
    Just a quick thought before I reread this entire thread and do some testing:

    Check out this key: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{Hexadecimal ID Number}\Count]

    Other than that I'd like to know if you have OE as your default e-mail client.

    That ought to give you something to do once your eyes are rested. :)

    Regards,

    Pieter
     
  13. snowman

    snowman Guest

    Pieter

    sorry for the delay in replying.....needed some sleep desperately..


    as you requested


    Have got two (2) (id #) counts

    one....(not actual title) "version"=default+version

    another(not actual title) " HRZR"= default+HRZR


    default
    version


    default
    HRZR this one contains a large amount


    yes..outlook express is the only e mail client on the machine.......pop3 uses it also


    snowman
     
  14. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined: Apr 27, 2002
    Posts: 13,491
    Location: Netherlands
    Hi snowman,

    I think MRUBlaster cleans that up when you check the Windows UserAssist MRUs.
    If you wish, do that and then add the following to your registry:

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\Settings]
    "NoEncrypt"=dword:00000001
    "NoLog"=dword:00000001

    I'm curious if new entries will then still be made in the Sent Items.dbx that don't belong there.

    Regards,

    Pieter
     
  15. snowman

    snowman Guest

    Pieter

    on my way to bed....just dropped by for a second.....after a very long sleep....I'll give your instructions a try......just much too tired right now..........

    have been in the registry so long that everything has become a blur.........


    snowman
     
  16. LowWaterMark

    LowWaterMark Administrator

    Joined: Aug 10, 2002
    Posts: 18,280
    Location: New England
    Hi Pieter,

    I'm wondering - I did create the "NoEncrypt" key a while back when I first heard of and saw all the tracking information stored in the UserAssist area of the registry, and it was interesting to see the information in a non-scrambled format, but, I have a couple differences...

    First, I created the "NoEncrypt" key in a different place:

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\Settings]
    "NoEncrypt"=dword:00000001

    Second, to stop the logging of information altogether, I used the "NoInstrumentation" key, locating it here:

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    "NoInstrumentation"=dword:00000001

    This did stop the logging of new information in the UserAssist subkeys. I'm just wondering if you know anything more about that "NoLog" key and how it differs from the "NoInstrumentation" key? (I'm on Windows XP.)

    Reference to the "NoInstrumentation" key setting:
    http://www.winguides.com/registry/display.php/641/
     
  17. snowmam

    snowmam Guest

    LWM

    John I just awoke.....had only 4 hours sleep in 48 hours an was out of it.......I'll have to be careful an not stay awake so long again.......affects my business.


    to your question.....I disabled that key by the "run"

    regsvr32.exe -u c:\windows\system\regwizc.dll
    (to disable)

    regsvr32.exe c:\windows\system\regwizc.dll

    (to re-enable)


    that is the one you are referring to, isn't it? usually I disable this but had forgot to after my last re-format.....an so disabled it only a couple of days ago........in fact..since no info is being logged maybe just maybe it's helped........have made so many tweaks that right now I need to step back an start making a record of the changes made.....

    well almost 9 p.m. slept the entire day...better take care of business now.

    snowman
     
  18. snowman

    snowman Guest

    Pieter

    just a brief comment....MRUblaster has been on the os awhile....it never prevented the logging....is that what you are asking o_O

    snowman
     
  19. LowWaterMark

    LowWaterMark Administrator

    Joined: Aug 10, 2002
    Posts: 18,280
    Location: New England
    I think Pieter meant that MRU Blaster cleans the UserAssist keys (records) in the registry, and he wondered if this was somehow related to the OE sent items logging you are seeing. No, you are correct, MRU Blaster does not prevent the creation of those usage records, it only cleans them out after the fact.

    I think Pieter wanted you to create the "NoLog" key in Regedit (at the location noted in his post above) to see if that also prevents the logging of information to your sent items dbx file. (My post was to say that a different key, the "NoInstrumentation" key at a different location, also stops the logging of User Assist usage info, and perhaps you'd want to create that key, as well.)

    I think this is just a "shot in the dark" as far as the OE sent items logging issue, but, the UserAssist keys can be considered a large privacy issue in and of themselves since they track all the programs you run.

    Best Wishes,
    LowWaterMark
    - BTW - my name is Mike, not John - if that name in your post was directed at me ;)
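
Added example (not part of any post in this thread): the "HRZR" value name snowman reports is ROT13 for "UEME", the scrambling that the "NoEncrypt" setting discussed above switches off. This Python sketch decodes a constructed regedit export of a UserAssist Count subkey; the GUID, the entries and the 16-byte data layout (session id, run counter offset by 5, FILETIME, as commonly described for XP-era systems) are assumptions, not values from the thread.

```python
import codecs
import re
import struct
from datetime import datetime, timedelta, timezone

# Constructed sample, not data from the thread: a regedit export of one
# UserAssist Count subkey (placeholder GUID, made-up entries).
SAMPLE_REG = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{00000000-0000-0000-0000-000000000000}\Count]
"HRZR_EHACVQY:%pfvqy2%\\Bhgybbx Rkcerff.yax"=hex:01,00,00,00,06,00,00,00,00,00,00,00,00,00,00,00
"HRZR_EHACNGU:P:\\JVAQBJF\\ABGRCNQ.RKR"=hex:01,00,00,00,08,00,00,00,00,00,00,\
  00,00,a0,c2,01
'''

VALUE_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"=hex:(?P<data>[0-9a-fA-F,]*)$')
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
COUNT_BIAS = 5  # assumption: XP-era run counters start at 5


def decode_name(name):
    """Value names are ROT13; digits and punctuation pass through unchanged."""
    return codecs.decode(name, "rot13")


def parse_userassist(reg_text):
    """Return decoded entries from the text of a regedit export."""
    # regedit wraps long hex data with a trailing backslash; rejoin first.
    joined = re.sub(r"\\\r?\n\s*", "", reg_text)
    entries = []
    for line in joined.splitlines():
        m = VALUE_RE.match(line.strip())
        if not m:
            continue  # key headers, blank lines, non-binary values
        name = m.group("name").replace("\\\\", "\\")  # undo .reg escaping
        raw = bytes.fromhex(m.group("data").replace(",", ""))
        entry = {"name": decode_name(name), "runs": None, "last_run": None}
        if len(raw) == 16:  # assumed layout: session, count, FILETIME
            _session, count, ft = struct.unpack("<IIQ", raw)
            entry["runs"] = max(count - COUNT_BIAS, 0)
            if ft:  # FILETIME is 100 ns ticks since 1601-01-01 UTC
                entry["last_run"] = FILETIME_EPOCH + timedelta(microseconds=ft // 10)
        entries.append(entry)
    return entries


if __name__ == "__main__":
    for e in parse_userassist(SAMPLE_REG):
        print(e["runs"], e["last_run"], e["name"])
```

Run against a real export, the decoded names show which programs and shortcuts the key has recorded, which is the same view the "NoEncrypt" value gives in Regedit.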
     
  20. snowman

    snowman Guest

    John

    thanks for explaining.........since I've taken the first step of this trip I may as well "do them all" ...its just very difficult for me to keep up with all the changes being made.....in the beginning I should have kept a record.....very first time I have not.......an learned my lesson well.....

    got a laptop being worked on at the same time....confusing..

    snowman
     
  21. snowman

    snowman Guest

    Pieter and John

    My os does not have "settings" "NoEncrypt"
    "NoLog"

    In particular not showing "settings" if I understand correctly the other two would need to be created.....(.this is on a win98.......)
     
  22. LowWaterMark

    LowWaterMark Administrator

    Joined: Aug 10, 2002
    Posts: 18,280
    Location: New England
    Ah, okay. My post was mostly applicable to the Windows NT family (W2K and XP), so, this may not work for you. (Although it might (small chance) and really shouldn't hurt to try it. Having a value in an unused registry key is generally not a problem. It just doesn't do anything.) As for the key Pieter posted, I don't have that one in my registry either, so I can't advise about that one. Let's see what Pieter says when he gets back on.
     
  23. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined: Apr 27, 2002
    Posts: 13,491
    Location: Netherlands
    I did some research on this when SP1 for XP was not yet released, there may have been some changes, but I don't think so.
    I picked up the registry changes on these two sites:
    http://support.microsoft.com/default.aspx?scid=KB;EN-US;q239062&

    http://www.easywindows.com/messages/2402.html

    Someone else who looked into this: http://www.utdallas.edu/~jeremy.bryan.smith/articles/explorer_spy.txt

    At the time I discarded it as of little interest, added the keys I mentioned before and let it rest.

    Well, these keys were supposed to work for every user on every version of Windows, but they don't o_O

    Now I've tried adding them as shown in the attachment and will check now and then, but I can tell you already that encrypted logs are still made. Less than before it seems, but really too early to tell.
    The one LowWaterMark posted looks much better, but seems limited to Win2k and XP.

    Your description of what was being logged triggered me to remember these UserAssist keys.
    I hope this leads somewhere and is of any help.
    Because the ice is pretty thin where I'm standing :D

    Regards,

    Pieter
     
  24. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined: Apr 27, 2002
    Posts: 13,491
    Location: Netherlands
    Forgot the attachment. LOL
     

    Attached Files:

  25. snowman

    snowman Guest

    PIETER and JOHN (LwM)


    been at this for 14 hours....one laptop bit the dust....did a deltree on it....EVERYTHING!!! anyone know of an os I can install from floppy(freeware) LOL.....can still use the msdos mode on the A...but only by using the bootdisk.......no drives...

    well guys....Pieter that link you provided about the guy who noticed the problem...my guess is that he is looking in the wrong places......Windows is caching that info somewhere......in the os.....not the normal caching....that I clean countless times each day......finding where that caching place is wins the battle imo....from there some way can be found to control it..
    of course the registry will do the controlling.....as yet we just don't know where at.......WE WILL!!!!!
    I definitely have found a lot of new info (for me it's new) while poking in the registry.......Windows is loaded with tons of complete garbage.......

    how in heck this go un-noticed all these years...an if anyone should be concerned it should be the software vendors.....once word gets around that certain products are useless sales will crumble........
    just rambling right now......many thoughts and questions.......an guys I am not nearly as experienced as yourselves....so expect me to crash the os during this testing...LOL..........

    May you have the greatest new year of ever...

    Snowman
     